[go: up one dir, main page]

GB2585170A - Oblivious pseudorandom function in a key management system - Google Patents

Oblivious pseudorandom function in a key management system Download PDF

Info

Publication number
GB2585170A
GB2585170A GB2016232.7A GB202016232A GB2585170A GB 2585170 A GB2585170 A GB 2585170A GB 202016232 A GB202016232 A GB 202016232A GB 2585170 A GB2585170 A GB 2585170A
Authority
GB
United Kingdom
Prior art keywords
key
blinded
computing device
another
oprf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB2016232.7A
Other versions
GB202016232D0 (en
GB2585170B (en
Inventor
K Resch Jason
Mario Krawczyk Hugo
Duane Seaborn Mark
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of GB202016232D0 publication Critical patent/GB202016232D0/en
Publication of GB2585170A publication Critical patent/GB2585170A/en
Application granted granted Critical
Publication of GB2585170B publication Critical patent/GB2585170B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value associated with a key based on a blinding key in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded value and transmits it to another computing device (e.g., that is associated with a Key Management System (KMS) service). The computing device then receives a blinded key that is based on processing of the blinded value based on an OPRF using an OPRF secret. The computing device processes the blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the key (e.g., to be used for secure information access).

Claims (15)

1. A computing device comprising: an interface configured to interface and communicate with a communication system; memory that stores operational instructions; and processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to: process an input value that is associated with a key based on a blinding key in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded value; transmit, via the communication system, the blinded value to another computing device that is associated with a Key Management System (KMS) service; receive, via the communication system and from the another computing device that is associated with the KMS service, a blinded key, wherein the blinded key is based on processing of the blinded value based on an OPRF using an OPRF secret; process the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate the key that is associated with the input value; and access secure information based on the key.
2. The computing device of claim 1, wherein: the input value is unknown to the another computing device and includes a key identifier that is associated with the key; the key is unknown to the another computing device and includes a Data Encryption Key (DEK) or a Key Encryption Key (KEK); and the OPRF secret is unknown to the computing device and is based on a Customer Root Key (CRK) that is associated with the computing device.
3. The computing device of claim 1 or claim 2, wherein the key includes a first key or a second key of a pair of asymmetric keys, and wherein the processing circuitry is further configured to execute the operational instructions to: receive, via the communication system and from the another computing device, the blinded key that is associated with the KMS service, structured key parameters, and a deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys; process the blinded key based on the structured key parameters and the deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys to generate another blinded key; and process the another blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the first key or the second key of the pair of asymmetric keys that is associated with the input value.
4. The computing device of claim 1 or claim 2, wherein the key includes a first key or a second key of a pair of asymmetric keys, and wherein the processing circuitry is further configured to execute the operational instructions to: receive, via the communication system and from the another computing device, the blinded key that is associated with the KMS service, encrypted structured key parameters, and a deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys; process the blinded key to generate another key; process the encrypted structured key parameters based on the another key in accordance with decryption to generate structured key parameters; process the blinded key based on the structured key parameters and the deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys to generate another blinded key; and process the another blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the first key or the second key of the pair of asymmetric keys that is associated with the input value.
5. The computing device of claim 1 or claim 2, wherein the processing circuitry is further configured to execute the operational instructions to: process another input value that is associated with a private key of a public-private key pair of asymmetric keys based on another blinding key in accordance with the OPRF blinding operation to generate another blinded value that includes an Oblivious Key Access Request (OKAR); transmit, via the communication system, the another blinded value that includes the OKAR to the another computing device that is associated with the KMS service; receive, via the communication system and from the another computing device that is associated with the KMS service, another blinded key, wherein the another blinded key is based on processing of the another blinded value based on the OPRF using the OPRF secret; process the another blinded key based on the another blinding key in accordance with the OPRF unblinding operation to generate the private key of the public-private key pair of asymmetric keys that is associated with the another input value; and process the private key of the public-private key pair of asymmetric keys based on a public key of the public-private key pair of asymmetric keys to verify correctness of the private key of the public-private key pair of asymmetric keys.
6. The computing device of claim 1, wherein the processing circuitry is further configured to execute the operational instructions to: process another input value that is associated with a private key of a public-private key pair of asymmetric keys based on a first other blinding key in accordance with the OPRF blinding operation to generate a first other blinded value that includes a first Oblivious Key Access Request (OKAR); process a challenge value based on a second other blinding key in accordance with the OPRF blinding operation to generate a second other blinded value that includes a second OKAR; transmit, via the communication system, the first other blinded value that includes the first OKAR and the second other blinded value that includes the second OKAR to the another computing device that is associated with the KMS service; receive, via the communication system and from the another computing device that is associated with the KMS service, a first other blinded key, wherein the first other blinded key is based on processing of the first other blinded value based on the OPRF using the OPRF secret; receive, via the communication system and from the another computing device that is associated with the KMS service, a second other blinded key, wherein the second other blinded key is based on processing of the second other blinded value based on the OPRF using the OPRF secret; process the second other blinded key based on the second other blinding key in accordance with the OPRF unblinding operation to generate a response from the another computing device that is associated with the challenge value; determine whether the response from the another computing device that is associated with the challenge value compares favorably to the challenge value; and based on a determination that the response from the another computing device that is associated with the challenge value compares favorably to the challenge value, process the first other blinded key based on the first other blinding key in accordance with the OPRF unblinding operation to generate the private key of the public-private key pair of asymmetric keys that is associated with the another input value.
7. The computing device of any preceding claim, wherein at least one of: the computing device includes a wireless smart phone, a cellular phone, a laptop, a personal digital assistant, a tablet, a personal computers (PC), a work station, or a video game device; or the another computing device includes a Flardware Security Module (HSM).
8. The computing device of any preceding claim, wherein the communication system includes at least one of a wireless communication system, a wire lined communication system, a non-public intranet system, a public internet system, a local area network (LAN), a wireless local area network (WLAN), a wide area network (WAN), a satellite communication system, a fiber-optic communication system, or a mobile communication system.
9. A method for execution by a computing device, the method comprising: processing an input value that is associated with a key based on a blinding key in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded value; transmitting, via an interface of the computing device that is configured to interface and communicate with a communication system, the blinded value to another computing device that is associated with a Key Management System (KMS) service; receiving, via the interface and via the communication system and from the another computing device that is associated with the KMS service, a blinded key, wherein the blinded key is based on processing of the blinded value based on an OPRF using an OPRF secret; processing the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate the key that is associated with the input value; and accessing secure information based on the key.
10. The method of claim 9, wherein: the input value is unknown to the another computing device and includes a key identifier that is associated with the key; the key is unknown to the another computing device and includes a Data Encryption Key (DEK) or a Key Encryption Key (KEK); and the OPRF secret is unknown to the computing device and is based on a Customer Root Key (CRK) that is associated with the computing device.
11. The method of claim 9 or claim 10, wherein the key includes a first key or a second key of a pair of asymmetric keys, and further comprising: receiving, via the interface and via the communication system and from the another computing device, the blinded key that is associated with the KMS service, structured key parameters, and a deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys; processing the blinded key based on the structured key parameters and the deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys to generate another blinded key; and processing the another blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the first key or the second key of the pair of asymmetric keys that is associated with the input value.
12. The method of claim 9 or claim 10, wherein the key includes a first key or a second key of a pair of asymmetric keys, and further comprising: receiving, via the interface and via the communication system and from the another computing device, the blinded key that is associated with the KMS service, encrypted structured key parameters, and a deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys; processing the blinded key to generate another key; processing the encrypted structured key parameters based on the another key in accordance with decryption to generate structured key parameters; processing the blinded key based on the structured key parameters and the deterministic function that specifies generation of the first key or the second key of the pair of asymmetric keys to generate another blinded key; and processing the another blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the first key or the second key of the pair of asymmetric keys that is associated with the input value.
13. The method of claim 9 or claim 10 further comprising: processing another input value that is associated with a private key of a public-private key pair of asymmetric keys based on another blinding key in accordance with the OPRF blinding operation to generate another blinded value that includes an Oblivious Key Access Request (OKAR); transmitting, via the interface and via the communication system, the another blinded value that includes the OKAR to the another computing device that is associated with the KMS service; receiving, via the interface and via the communication system and from the another computing device that is associated with the KMS service, another blinded key, wherein the another blinded key is based on processing of the another blinded value based on the OPRF using the OPRF secret; processing the another blinded key based on the another blinding key in accordance with the OPRF unblinding operation to generate the private key of the public-private key pair of asymmetric keys that is associated with the another input value; and processing the private key of the public-private key pair of asymmetric keys based on a public key of the public-private key pair of asymmetric keys to verify correctness of the private key of the public-private key pair of asymmetric keys.
14. The method of claim 9 further comprising: processing another input value that is associated with a private key of a public-private key pair of asymmetric keys based on a first other blinding key in accordance with the OPRF blinding operation to generate a first other blinded value that includes a first Oblivious Key Access Request (OKAR); processing a challenge value based on a second other blinding key in accordance with the OPRF blinding operation to generate a second other blinded value that includes a second OKAR; transmitting, via the interface and via the communication system, the first other blinded value that includes the first OKAR and the second other blinded value that includes the second OKAR to the another computing device that is associated with the KMS service; receiving, via the interface and via the communication system and from the another computing device that is associated with the KMS service, a first other blinded key, wherein the first other blinded key is based on processing of the first other blinded value based on the OPRF using the OPRF secret; receiving, via the interface and via the communication system and from the another computing device that is associated with the KMS service, a second other blinded key, wherein the second other blinded key is based on processing of the second other blinded value based on the OPRF using the OPRF secret; processing the second other blinded key based on the second other blinding key in accordance with the OPRF unblinding operation to generate a response from the another computing device that is associated with the challenge value; determining whether the response from the another computing device that is associated with the challenge value compares favorably to the challenge value; and based on a determination that the response from the another computing device that is associated with the challenge value compares favorably to the challenge value, processing the first other blinded key based on the first other blinding key in accordance with the OPRF unblinding operation to generate the private key of the public-private key pair of asymmetric keys that is associated with the another input value.
15. The method of claim 9, wherein at least one of: the computing device includes a wireless smart phone, a cellular phone, a laptop, a personal digital assistant, a tablet, a personal computers (PC), a work station, or a video game device; the another computing device includes a Flardware Security Module (HSM); or the communication system includes at least one of a wireless communication system, a wire lined communication system, a non-public intranet system, a public internet system, a local area network (LAN), a wireless local area network (WLAN), a wide area network (WAN), a satellite communication system, a fiber-optic communication system, or a mobile communication system.
GB2016232.7A 2018-03-20 2019-02-26 Oblivious pseudorandom function in a key management system Active GB2585170B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/926,651 US10841080B2 (en) 2018-03-20 2018-03-20 Oblivious pseudorandom function in a key management system
PCT/IB2019/051525 WO2019180521A1 (en) 2018-03-20 2019-02-26 Oblivious pseudorandom function in a key management system

Publications (3)

Publication Number Publication Date
GB202016232D0 GB202016232D0 (en) 2020-11-25
GB2585170A true GB2585170A (en) 2020-12-30
GB2585170B GB2585170B (en) 2021-07-21

Family

ID=67985748

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2016232.7A Active GB2585170B (en) 2018-03-20 2019-02-26 Oblivious pseudorandom function in a key management system

Country Status (6)

Country Link
US (1) US10841080B2 (en)
JP (1) JP7268948B2 (en)
CN (1) CN111886587B (en)
DE (1) DE112019001441T5 (en)
GB (1) GB2585170B (en)
WO (1) WO2019180521A1 (en)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11539517B2 (en) * 2019-09-09 2022-12-27 Cisco Technology, Inc. Private association of customer information across subscribers
US11296875B2 (en) * 2019-11-29 2022-04-05 NEC Laboratories Europe GmbH Password-authenticated public key establishment
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities
US11368296B2 (en) * 2020-04-15 2022-06-21 Sap Se Communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer
US11368281B2 (en) * 2020-04-15 2022-06-21 Sap Se Efficient distributed secret shuffle protocol for encrypted database entries using dependent shufflers
US11356241B2 (en) * 2020-04-15 2022-06-07 Sap Se Verifiable secret shuffle protocol for encrypted data based on homomorphic encryption and secret sharing
US11411725B2 (en) 2020-04-15 2022-08-09 Sap Se Efficient distributed secret shuffle protocol for encrypted database entries using independent shufflers
JP2022030661A (en) * 2020-08-07 2022-02-18 キオクシア株式会社 Memory system, control method, and information processing system
US12407495B2 (en) * 2020-09-14 2025-09-02 Hewlett Packard Enterprise Development Lp Encryption keys from storage systems
US12192352B2 (en) * 2020-11-24 2025-01-07 International Business Machines Corporation Key reclamation in blockchain network via OPRF
US12323517B2 (en) 2020-12-15 2025-06-03 International Business Machines Corporation Crypto-erasure of data stored in a key per IO-enabled device via internal action
US12184771B2 (en) * 2021-05-21 2024-12-31 Samsung Electronics Co., Ltd. Encryption key generating method, apparatus, ciphertext operation method and apparatus using the generated encryption key
CN114003336B (en) * 2021-09-30 2025-07-11 济南浪潮数据技术有限公司 A virtual machine encryption method, device, equipment and medium in a cloud platform
EP4184858B1 (en) * 2021-11-23 2024-05-29 Sedicii Innovations Ltd. Secure multi-party computations without online communication
CN114398627A (en) * 2022-01-26 2022-04-26 南京南瑞国盾量子技术有限公司 Zero-trust-based power scheduling quantum password cloud application system and method
CN116582237A (en) * 2022-02-10 2023-08-11 首尔大学校产学协力团 Homomorphic encryption operation key management system and management method
US12388629B2 (en) * 2022-07-01 2025-08-12 Sedicii Innovations Ltd. Messageless secure multi-party computations with passive and active adversaries
US12120097B2 (en) 2022-08-17 2024-10-15 International Business Machines Corporation Authenticating key-value data pairs for protecting node related data
US12255980B2 (en) 2023-01-03 2025-03-18 International Business Machines Corporation Homomorphic encryption key management
US20250038957A1 (en) * 2023-07-27 2025-01-30 Cisco Technology, Inc. Managing encryption keys of secure tunnels in multi-tenant edge devices
US20250253904A1 (en) * 2024-02-06 2025-08-07 International Business Machines Corporation Arbitrary spatial filters based on beam transformation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090175442A1 (en) * 2008-01-07 2009-07-09 Microsoft Corporation Digital Rights Management System Protecting Consumer Privacy
WO2017001972A1 (en) * 2015-06-30 2017-01-05 Raghav Bhaskar User friendly two factor authentication
US20170177899A1 (en) * 2015-12-17 2017-06-22 Agency For Science, Technology And Research Encrypted data deduplication in cloud storage

Family Cites Families (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5564106A (en) * 1995-03-09 1996-10-08 Motorola, Inc. Method for providing blind access to an encryption key
JP3656688B2 (en) 1997-03-31 2005-06-08 栄司 岡本 Cryptographic data recovery method and key registration system
US5991414A (en) * 1997-09-12 1999-11-23 International Business Machines Corporation Method and apparatus for the secure distributed storage and retrieval of information
US6976162B1 (en) * 2000-06-28 2005-12-13 Intel Corporation Platform and method for establishing provable identities while maintaining privacy
AU7182701A (en) * 2000-07-06 2002-01-21 David Paul Felsher Information record infrastructure, system and method
KR100406754B1 (en) * 2001-04-11 2003-11-21 한국정보보호진흥원 Forward-secure commercial key escrow system and escrowing method thereof
JP3762691B2 (en) * 2001-11-27 2006-04-05 株式会社スカイパーフェクト・コミュニケーションズ Digital broadcasting system, electronic currency processing method in digital broadcasting system, and receiving terminal
US7363499B2 (en) 2003-09-18 2008-04-22 Sun Microsystems, Inc. Blinded encryption and decryption
US7409545B2 (en) 2003-09-18 2008-08-05 Sun Microsystems, Inc. Ephemeral decryption utilizing binding functions
JP4460251B2 (en) 2003-09-19 2010-05-12 株式会社エヌ・ティ・ティ・ドコモ Structured document signature apparatus, structured document adaptation apparatus, and structured document verification apparatus.
ATE362249T1 (en) * 2004-03-02 2007-06-15 France Telecom METHOD AND DEVICES FOR CREATING FAIR BLIND SIGNATURES
US20110055585A1 (en) 2008-07-25 2011-03-03 Kok-Wah Lee Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering
US9106628B2 (en) 2009-07-07 2015-08-11 Alcatel Lucent Efficient key management system and method
US8918897B2 (en) 2009-11-24 2014-12-23 Cleversafe, Inc. Dispersed storage network data slice integrity verification
US8468368B2 (en) 2009-12-29 2013-06-18 Cleversafe, Inc. Data encryption parameter dispersal
US10911230B2 (en) 2010-05-19 2021-02-02 Pure Storage, Inc. Securely activating functionality of a computing device in a dispersed storage network
EP2437160A1 (en) * 2010-10-04 2012-04-04 Nagravision S.A. Blinding of modular exponentiation
US20120121080A1 (en) 2010-11-11 2012-05-17 Sap Ag Commutative order-preserving encryption
US8972746B2 (en) 2010-12-17 2015-03-03 Intel Corporation Technique for supporting multiple secure enclaves
US8538029B2 (en) 2011-03-24 2013-09-17 Hewlett-Packard Development Company, L.P. Encryption key fragment distribution
EP2786292B1 (en) 2011-11-28 2016-06-08 Porticor Ltd. Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management
KR101874119B1 (en) 2012-02-07 2018-07-03 삼성전자주식회사 Authentication method between client and server, machine-readable storage medium, client and server
US8572405B2 (en) * 2012-03-15 2013-10-29 Sap Ag Collusion-resistant outsourcing of private set intersection
US9390271B2 (en) * 2012-08-06 2016-07-12 Samsung Electronics Co., Ltd. Vectorial private equality testing
US9049011B1 (en) * 2012-08-15 2015-06-02 Washington State University Secure key storage and distribution
US9635053B2 (en) * 2013-02-21 2017-04-25 Samsung Electronics Co., Ltd. Computing system with protocol protection mechanism and method of operation thereof
US9084218B2 (en) * 2013-05-23 2015-07-14 Pitney Bowes Inc. Location-based service provider method and system having a user controlled location privacy mechanism
US9712320B1 (en) 2013-06-11 2017-07-18 EMC IP Holding Company LLC Delegatable pseudorandom functions and applications
US9275237B2 (en) 2013-12-09 2016-03-01 Palo Alto Research Center Incorporated Method and apparatus for privacy and trust enhancing sharing of data for collaborative analytics
CN105900375B (en) * 2014-01-13 2020-02-07 维萨国际服务协会 Apparatus, system and method for protecting identity in authenticated transactions
EP3158680B1 (en) * 2014-06-18 2021-02-24 Visa International Service Association Efficient methods for authenticated communication
GB2529633A (en) * 2014-08-26 2016-03-02 Ibm Password-based generation and management of secret cryptographic keys
RU2710897C2 (en) * 2014-08-29 2020-01-14 Виза Интернэшнл Сервис Ассосиэйшн Methods for safe generation of cryptograms
AU2016211551B2 (en) * 2015-01-27 2020-03-12 Visa International Service Association Methods for secure credential provisioning
WO2016128070A1 (en) * 2015-02-13 2016-08-18 Nec Europe Ltd. Method for storing a data file of a client on a storage entity
US11088834B2 (en) 2015-04-28 2021-08-10 Palo Alto Research Center Incorporated System for privacy-preserving monetization of big data and method for using the same
US11018858B2 (en) 2015-12-08 2021-05-25 Nec Corporation Method for re-keying an encrypted data file
US10503730B1 (en) 2015-12-28 2019-12-10 Ionic Security Inc. Systems and methods for cryptographically-secure queries using filters generated by multiple parties
US9565020B1 (en) 2016-02-02 2017-02-07 International Business Machines Corporation System and method for generating a server-assisted strong password from a weak secret
US10169252B2 (en) 2016-07-15 2019-01-01 International Business Machines Corporation Configuring functional capabilities of a computer system
US10496638B2 (en) 2016-12-07 2019-12-03 City University Of Hong Kong Systems and methods for privacy-assured similarity joins over encrypted datasets
US10313133B2 (en) 2017-06-21 2019-06-04 Visa International Service Association Secure communications providing forward secrecy
US10904225B2 (en) 2018-05-07 2021-01-26 Microsoft Technology Licensing, Llc Computing a private set intersection
US11070366B2 (en) 2018-05-08 2021-07-20 Nec Corporation Dynamic anonymous password-authenticated key exchange (APAKE)
US11368445B2 (en) 2018-05-21 2022-06-21 Amazon Technologies, Inc. Local encryption for single sign-on

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090175442A1 (en) * 2008-01-07 2009-07-09 Microsoft Corporation Digital Rights Management System Protecting Consumer Privacy
WO2017001972A1 (en) * 2015-06-30 2017-01-05 Raghav Bhaskar User friendly two factor authentication
US20170177899A1 (en) * 2015-12-17 2017-06-22 Agency For Science, Technology And Research Encrypted data deduplication in cloud storage

Also Published As

Publication number Publication date
CN111886587B (en) 2024-05-14
GB202016232D0 (en) 2020-11-25
JP2021516901A (en) 2021-07-08
DE112019001441T5 (en) 2020-12-17
US10841080B2 (en) 2020-11-17
GB2585170B (en) 2021-07-21
WO2019180521A1 (en) 2019-09-26
US20190296896A1 (en) 2019-09-26
JP7268948B2 (en) 2023-05-08
CN111886587A (en) 2020-11-03

Similar Documents

Publication Publication Date Title
GB2585170A (en) Oblivious pseudorandom function in a key management system
US11706026B2 (en) Location aware cryptography
US11695561B2 (en) Decentralized authorization of user access requests in a multi-tenant distributed service architecture
US10193700B2 (en) Trust-zone-based end-to-end security
CN113691502B (en) Communication method, device, gateway server, client and storage medium
US8984295B2 (en) Secure access to electronic devices
CN101291224B (en) Method and system for processing data in communication system
EP4035333A1 (en) Non-custodial tool for building decentralized computer applications
US9374360B2 (en) System and method for single-sign-on in virtual desktop infrastructure environment
CN104283688B (en) A kind of USBKey security certification systems and safety certifying method
CN107359998A (en) A kind of foundation of portable intelligent password management system and operating method
CN105027107A (en) Secure virtual machine migration
CN106576043A (en) Virally distributable trusted messaging
CN116502732B (en) Federal learning method and system based on trusted execution environment
US11431513B1 (en) Decentralized authorization of user access requests in a distributed service architecture
US9313185B1 (en) Systems and methods for authenticating devices
CN114070614A (en) Identity authentication method, device, equipment, storage medium and computer program product
US12022009B2 (en) Method and device for performing access control by using authentication certificate based on authority information
US11743044B2 (en) Password-less authentication using key agreement and multi-party computation (MPC)
CN101944216A (en) Double-factor online transaction security authentication method and system
CN101150399A (en) Generation method for share secret key
US20210014051A1 (en) System and method for secure input at a remote service
US20230403552A1 (en) Ultra-wideband session key sharing scheme
US20070005966A1 (en) Derivation of a shared keystream from a shared secret
US20220116380A1 (en) System for increasing authentication complexity for access to online systems

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)

Effective date: 20210817